URL:

dl.downloadly.ir

Full analysis: https://app.any.run/tasks/de883de2-25e9-4f8d-a389-6b4916947157
Verdict: Malicious activity
Analysis date: October 31, 2023, 11:25:23
OS: Windows 11 Professional (build: 22000, 64 bit)
Indicators:
MD5:

7B31DE95ABBDB3554C57227D77E208D9

SHA1:

3FF8952D9FE57E55360B6BAF5203A608A134F4C2

SHA256:

FA68882AE098CE36E8C6053FB8713CB31ABE850B9D835D1EFB0547C05F44683B

SSDEEP:

3:dKS9KUXn:IEnX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • msedge.exe (PID: 4908)

    • Checks proxy server information

      • explorer.exe (PID: 4320)

    • Reads settings of System Certificates

      • explorer.exe (PID: 4320)

    • Reads the Internet Settings

      • explorer.exe (PID: 4320)

    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 4320)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
140
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msedge.exe no specs msedge.exe no specs explorer.exe dllhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1744"C:\Windows\system32\DllHost.exe" /Processid:{9F156763-7844-4DC4-B2B1-901F640F5155}C:\Windows\System32\dllhost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
COM Surrogate
Exit code:
0
Version:
10.0.22000.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
4320C:\Windows\Explorer.EXEC:\Windows\explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
0
Version:
10.0.22000.184 (WinBuild.160101.0800)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shcore.dll
4908"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "dl.downloadly.ir"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
5884"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=111.0.5563.149 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=111.0.1661.62 --initial-client-data=0x114,0x118,0x11c,0xf0,0x124,0x7ffa2d65b5f8,0x7ffa2d65b608,0x7ffa2d65b618C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
Total events
2 316
Read events
2 299
Write events
12
Delete events
5

Modification events

(PID) Process:(4908) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(4908) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(4908) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(4908) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(4320) explorer.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Operation:writeName:ZFRqtr
Value:
000000000E0000002200000053B61100000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF207425D647EDD90100000000
(PID) Process:(4320) explorer.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Operation:writeName:HRZR_PGYFRFFVBA
Value:
00000000D5010000A203000018BCA4017800000080000000F58E35004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E004500780070006C006F007200650072000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007800000080000000F58E35004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E004500780070006C006F007200650072000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007800000080000000F58E35004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E004500780070006C006F00720065007200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(4320) explorer.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\TIP\AggregateResults
Operation:writeName:data
Value:
D9A7A80101000300EC03F46F000000000A0000000000000049A8A801010103005C4614A6000000000800000000000000D1A8A8010100030064B65611000000004000000000000000D1A8A80101000400FB3B54EB0000000012000000000000002B7ABA01017F0080192CC3DC0000000002000000000000004428C30101000080469996A20000000036000000D20500004428C30103000040EFD5A1DB0000000002000000320000004428C30104000100541F4AF40000000007000000000000009F49DD010100008045734BE1000000007A000000000000004959DD0101000400F34A296B00000000010000006F00000081F7E10104000100C177129C00000000300000001100000081F7E101040002002AF214C2000000000F0000006B000000AA26E701010000801490D0EE010000000200000005000000AA26E701010000801490D0EE020000000B00000054000000C527EB01010000804B8D54FB000000000B000000760000008C5FF2010100030025B04D21000000000100000003000000BFDE08020102008065B49D6B0000000004000000040000005F37110201000080856D77FF00000000020000000B000000A410270201000080260FB9F900000000150000000E000000FDBE49020302030002B3A81C000000000200000056000000
(PID) Process:(4320) explorer.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\TIP\AggregateResults
Operation:writeName:data
Value:
D9A7A80101000300EC03F46F00000000180000000000000049A8A801010103005C4614A6000000000900000000000000D1A8A8010100030064B6561100000000A000000000000000D1A8A80101000400FB3B54EB0000000021000000000000007545B801010002002972674D0000000001000000F2050000C8CCB901010000809261763600000000030000009C000000AFFBB9010100008055161AFB0000000001000000F92E00002B7ABA01017F0080192CC3DC0000000002000000000000004428C30101000080469996A20000000064000000450A00004428C30103000040EFD5A1DB0000000002000000320000004428C30104000100541F4AF40000000009000000000000002C06D801010004008A1488B400000000020000001C0200004245D90101000700436CB73F0000000001000000750500004245D901010008006413A6350000000001000000231200009F49DD010100008045734BE1000000007A000000000000004959DD0101000400F34A296B00000000010000006F00000081F7E10104000100C177129C000000007B0000002F00000081F7E101040002002AF214C2000000002800000078010000D81BE20104000500FCAC50C7000000000100000001000000AA26E701010000801490D0EE010000000200000005000000AA26E701010000801490D0EE020000000E00000069000000DA49E80101000080C483AE790000000001000000900000007FE9E901017F0080A5B9B0290000000001000000090000007FE9E9010200050089B029380000000007000000CB010000C527EB01010000804B8D54FB000000000E000000980000007C22ED01017F0080FE0EED5500000000010000000C0000008C5FF2010100030025B04D21000000000200000004000000BA0BF30101000000248CDFD400000000010000002C0000006EFCF3010100010079586E9900000000070000009C0100006EFCF30101000200E2D270BF0000000008000000510000006EFCF301017F03004B4D73E5000000008C020000FF0400006EFCF30101000080105E37360000000034020000200000003F0EF40101000080E58C865C00000000330000002E010000EE8FF801010000809096E6C200000000010000003A0000003D4A060201000080C39240F0000000000400000028000000564A060201000080784A674B000000000100000025000000BFDE08020102008065B49D6B000000000A0000000F0000005F37110201000080856D77FF00000000030000000E00000088531E0203000100A5067F52000000000100000033000000A410270201000080260FB9F9000000002A00000080000000FDBE49020302030002B3A81C000000000200000056000000
(PID) Process:(4320) explorer.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\TIP\AggregateResults
Operation:writeName:timestamp
Value:
B8CB0E6500000000
(PID) Process:(4320) explorer.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Operation:writeName:ZFRqtr
Value:
000000000E0000002300000053B61100000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF207425D647EDD90100000000
Executable files
0
Suspicious files
2
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
4908msedge.exeC:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\CRASHPAD\SETTINGS.DATbinary
MD5:449623918522C6C7ADCEAE270608FE52
SHA256:039B27CC97CEC3D1646D0FB586BC367AA195C1E26A721FADDFFD6C3480218072
4320explorer.exeC:\Users\admin\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.datbinary
MD5:84418143D4EA6C829486C2E0B588D9BB
SHA256:94941FD0417BF809EADC4CDA6234B1C07E8AA8403D2E264858A2747CFBFF02E3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
64
DNS requests
61
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4320
explorer.exe
GET
200
67.27.157.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e33348ba13c09b82
unknown
compressed
4.66 Kb
unknown
6692
msedge.exe
GET
200
67.27.157.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f4d935a5fab3eebd
unknown
compressed
61.6 Kb
unknown
5644
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
der
471 b
unknown
1292
svchost.exe
GET
200
2.21.20.150:80
http://www.msftconnecttest.com/connecttest.txt
unknown
text
22 b
unknown
1292
svchost.exe
GET
200
2.21.20.150:80
http://www.msftconnecttest.com/connecttest.txt
unknown
text
22 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1048
svchost.exe
104.102.28.147:443
fs.microsoft.com
Akamai International B.V.
IT
unknown
6692
msedge.exe
224.0.0.251:5353
unknown
6692
msedge.exe
239.255.255.250:1900
whitelisted
4320
explorer.exe
67.27.157.254:80
LEVEL3
US
unknown
5644
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
5644
svchost.exe
40.126.32.72:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
1728
msedge.exe
204.79.197.200:443
edgeservices.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1728
msedge.exe
193.151.157.27:443
dl.downloadly.ir
Asre Dadeha Asiatech
IR
unknown
6692
msedge.exe
67.27.157.254:80
LEVEL3
US
unknown
1728
msedge.exe
20.105.95.163:443
nav-edge.smartscreen.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown

DNS requests

Domain
IP
Reputation
fs.microsoft.com
  • 104.102.28.147
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
edgeservices.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
dl.downloadly.ir
  • 193.151.157.27
  • 193.151.157.25
  • 193.151.157.45
  • 193.151.157.26
  • 193.151.157.35
  • 193.151.157.46
  • 193.151.157.28
  • 193.151.157.44
malicious
nav-edge.smartscreen.microsoft.com
  • 20.105.95.163
whitelisted
dl-downloadly.110.ir.cdn.ir
  • 193.151.157.157
  • 193.151.157.156
  • 193.151.157.108
  • 193.151.157.155
  • 193.151.157.105
  • 185.147.162.172
  • 193.151.157.106
  • 193.151.157.112
  • 193.151.157.107
  • 193.151.157.158
  • 185.147.162.166
  • 193.151.157.110
  • 193.151.157.109
  • 193.151.157.111
unknown
data-edge.smartscreen.microsoft.com
  • 20.105.95.163
whitelisted
www2.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
edge07.110.ir.cdn.ir
  • 31.7.66.186
unknown
downloadly.ir
  • 185.120.222.190
whitelisted

Threats

PID
Process
Class
Message
Misc activity
ET INFO Microsoft Connection Test
1292
svchost.exe
Misc activity
ET INFO Microsoft Connection Test
1292
svchost.exe
Misc activity
ET INFO Microsoft Connection Test
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
dl.downloadly.ir